CVE-2022-26717
Published on: Not Yet Published
Last Modified on: 11/03/2022 01:14:00 PM UTC
Certain versions of Ipados from Apple contain the following vulnerability:
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2022-26717 has been assigned by
product-sec[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
About the security content of Safari 15.5 - Apple Support | support.apple.com text/html |
![]() |
About the security content of tvOS 15.5 - Apple Support | support.apple.com text/html |
![]() |
About the security content of watchOS 8.6 - Apple Support | support.apple.com text/html |
![]() |
About the security content of iOS 15.5 and iPadOS 15.5 - Apple Support | support.apple.com text/html |
![]() |
About the security content of macOS Monterey 12.4 - Apple Support | support.apple.com text/html |
![]() |
About the security content of iTunes 12.12.4 for Windows - Apple Support | support.apple.com text/html |
![]() |
Related QID Numbers
- 160217 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2022-7704)
- 160305 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2022-8054)
- 179342 Debian Security Update for wpewebkit (DSA 5155-1)
- 179343 Debian Security Update for webkit2gtk (DSA 5154-1)
- 184293 Debian Security Update for webkit2gtkwpewebkit (CVE-2022-26717)
- 198814 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-5457-1)
- 240833 Red Hat Update for webkit2gtk3 (RHSA-2022:7704)
- 240910 Red Hat Update for webkit2gtk3 (RHSA-2022:8054)
- 282802 Fedora Security Update for webkit2gtk3 (FEDORA-2022-e883576e1c)
- 282838 Fedora Security Update for webkit2gtk3 (FEDORA-2022-c05acca28d)
- 355438 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2088
- 376602 Apple Safari Multiple Vulnerabilities (HT213260)
- 376612 Apple macOS Monterey 12.4 Not Installed (HT213257)
- 376654 Apple iTunes for Windows Prior to 12.12.4 Vulnerabilities (HT213259)
- 610416 Apple iOS 15.5 and iPadOS 15.5 Security Update Missing (HT213258)
- 710613 Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202208-39)
- 752211 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:2030-1)
- 752232 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:2071-1)
- 752233 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:2072-1)
- 752239 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:2089-1)
- 940779 AlmaLinux Security Update for webkit2gtk3 (ALSA-2022:7704)
- 940844 AlmaLinux Security Update for webkit2gtk3 (ALSA-2022:8054)
- 960171 Rocky Linux Security Update for webkit2gtk3 (RLSA-2022:7704)
- 960649 Rocky Linux Security Update for webkit2gtk3 (RLSA-2022:8054)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Apple | Ipados | All | All | All | All |
Operating System | Apple | Iphone Os | All | All | All | All |
Application | Apple | Itunes | All | All | All | All |
Operating System | Apple | Macos | All | All | All | All |
Application | Apple | Safari | All | All | All | All |
Operating System | Apple | Tvos | All | All | All | All |
Operating System | Apple | Watchos | All | All | All | All |
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*:
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*:
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
Apple iOS and iPadOS code execution | CVE-2022-26717 - redpacketsecurity.com/apple-ios-and-… | 2022-05-17 09:01:14 |
![]() |
Researchers created a PoC exploit for Safari CVE-2022-26717 bug securityonline.info/researchers-cr… #opensource #infosec #security #pentest | 2022-05-19 10:26:41 |
![]() |
? Researchers created a PoC exploit for Safari CVE-2022-26717 bug securityonline.info/researchers-cr… #security #cybernews… twitter.com/i/web/status/1… | 2022-05-19 10:32:01 |
![]() |
Researchers created a PoC exploit for Safari CVE-2022-26717 bug dlvr.it/SQfs80 via securityonline https://t.co/bsudc3OSG7 | 2022-05-19 10:32:05 |
![]() |
Researchers created a PoC exploit for Safari CVE-2022-26717 bug securityonline.info/researchers-cr… | 2022-05-19 10:44:59 |
![]() |
"Researchers created a PoC exploit for Safari CVE-2022-26717 bug" via Penetration Testing ift.tt/0P3fAHU | 2022-05-19 11:56:27 |
![]() |
api.follow.it/track-rss-stor… Researchers created a PoC exploit for Safari CVE-2022-26717 bug #cybersecurity | 2022-05-19 13:15:11 |
![]() |
If you run Safari, update now. CVE-2022-26717 WebGL XFB Use After Free Vulnerability POC is freely available while… twitter.com/i/web/status/1… | 2022-05-19 13:53:59 |
![]() |
Researchers created a PoC exploit for Safari CVE-2022-26717 bug - securityonline.info/researchers-cr… | 2022-05-19 14:06:22 |
![]() |
Researchers created a PoC exploit for Safari CVE-2022-26717 bug securityonline.info/researchers-cr… #Pentesting #CyberSecurity… twitter.com/i/web/status/1… | 2022-05-19 23:01:14 |
![]() |
#exploit CVE-2022-26717: Safari WebGL XFB UAF github.com/theori-io/CVE-… | 2022-05-20 03:01:26 |
![]() |
The vuln CVE-2022-26717 has a tweet created 0 days ago and retweeted 10 times. twitter.com/_mattata/statu… #pow1rtrtwwcve | 2022-05-20 04:06:01 |
![]() |
■■■□□ Researchers created a PoC exploit for Safari CVE-2022-26717 bug. securityonline.info/researchers-cr… | 2022-05-20 06:08:27 |
![]() |
CVE-2022-26717 Safari WebGL XFB Use After Free Vulnerability github.com/theori-io/CVE-… #cve #exploit | 2022-05-20 06:18:25 |
![]() |
CVE-2022-26717 Safari WebGL XFB Use After Free Vulnerability github.com/theori-io/CVE-… #cve #exploit GitHub - theo… twitter.com/i/web/status/1… | 2022-05-20 06:36:53 |
![]() |
The vuln CVE-2022-26717 has a tweet created 0 days ago and retweeted 10 times. twitter.com/ptracesecurity… #pow1rtrtwwcve | 2022-05-20 08:06:00 |
![]() |
Researchers created a PoC exploit for Safari CVE-2022-26717 bug. securityonline.info/researchers-cr… | 2022-05-20 14:55:54 |
![]() |
GitHub - theori-io/CVE-2022-26717-Safari-WebGL-Exploit - github.com/theori-io/CVE-… | 2022-05-21 05:25:38 |
![]() |
Safari WebGL XFB Use After Free Vulnerability github.com/theori-io/CVE-… | 2022-05-21 05:57:57 |
![]() |
Safari WebGL XFB Use After Free Vulnerability github.com/theori-io/CVE-… Dinosn | 2022-05-21 08:47:39 |
![]() |
Safari WebGL XFB Use After Free Vulnerability github.com/theori-io/CVE-… #Pentesting #Vulnerability #CyberSecurity… twitter.com/i/web/status/1… | 2022-05-21 18:00:43 |
![]() |
theori-io/CVE-2022-26717-Safari-WebGL-Exploit #Cybersecurity #security via twinybots.ch github.com/theori-io/CVE-… | 2022-05-21 18:15:32 |
![]() |
■■■■■ Zero-Day: Safari WebGL XFB Use After Free Vulnerability. github.com/theori-io/CVE-… | 2022-05-21 18:17:13 |
![]() |
Zero-Day: Safari WebGL XFB Use After Free Vulnerability. github.com/theori-io/CVE-… | 2022-05-21 23:35:59 |
![]() |
theori-io/CVE-2022-26717-Safari-WebGL-Exploit #Cybersecurity #security github.com/theori-io/CVE-… | 2022-05-22 05:01:22 |
![]() |
theori-io/CVE-2022-26717-Safari-WebGL-Exploit #Cybersecurity #security via twinybots.ch github.com/theori-io/CVE-… | 2022-05-22 16:53:11 |
![]() |
theori-io/CVE-2022-26717-Safari-WebGL-Exploit #Cybersecurity #security github.com/theori-io/CVE-… | 2022-05-22 17:06:21 |
![]() |
theori-io/CVE-2022-26717-Safari-WebGL-Exploit #Cybersecurity #security via twinybots.ch github.com/theori-io/CVE-… | 2022-05-22 17:44:42 |
![]() |
theori-io/CVE-2022-26717-Safari-WebGL-Exploit #Cybersecurity #security via twinybots.ch github.com/theori-io/CVE-… | 2022-05-23 11:05:04 |
![]() |
"Researchers created a PoC exploit for Safari CVE-2022-26717 bug" #pentest #redteam #infosec… twitter.com/i/web/status/1… | 2022-06-23 09:29:02 |
![]() |
"Researchers created a PoC exploit for Safari CVE-2022-26717 bug" #pentest #redteam #infosec… twitter.com/i/web/status/1… | 2022-06-23 11:45:08 |
![]() |
Researchers created a PoC exploit for Safari CVE-2022-26717 bug securityonline.info/researchers-cr… | 2022-06-29 14:33:40 |
![]() |
The vuln CVE-2022-26717 has a tweet created 0 days ago and retweeted 14 times. twitter.com/reverseame/sta… #pow1rtrtwwcve | 2022-06-30 08:06:01 |
![]() |
Researchers created a PoC #exploit for #Safari #CVE-2022-26717 #bug #hacking #pentesting #apple #mac #iphone #ipad… twitter.com/i/web/status/1… | 2022-07-01 13:55:01 |
![]() |
"Researchers created a PoC exploit for Safari CVE-2022-26717 bug" #pentest #redteam #infosec… twitter.com/i/web/status/1… | 2022-10-08 13:28:02 |
![]() |
The vuln CVE-2022-26717 has a tweet created 0 days ago and retweeted 10 times. twitter.com/CyberWarship/s… #pow1rtrtwwcve | 2022-10-08 16:06:00 |
![]() |
Researchers created a PoC exploit for Safari CVE-2022-26717 bug securityonline.info/researchers-cr… | 2022-10-08 18:47:50 |
![]() |
CVE-2022-26717 har-sia.info/CVE-2022-26717… #HarsiaInfo | 2022-10-09 23:01:29 |
![]() |
MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-05-17 13:11:14 |
![]() |
UPDATED MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-05-18 14:59:44 |